ACSAC

The "Bug-Free Software" fallacy

For patching the unpatchable

About 20 years ago, I worked with a fellow who proudly told me that he had once written a flawless piece of software. He kept its inch-thick line printer listing as a shrine in his cubicle. I never asked him for details, because he got angry when people questioned his judgement on computing. After all, he had once been in a panel discussion with Grace Hopper!

I have my own Grace Hopper stories, but today's interesting panel discussion took place earlier in December at the 2013 ACSAC in New Orleans. Roger Schell, a luminary in the annals of cyber security, declared that 1980s techniques had indeed created "bug-free software."

Roger Schell is wrong.

So-called "bug-free software" is simply "too hard to patch" software. Instead of being bulletproof, the software is like a fragile gift padded for shipment. We protect such things by adjusting the world outside: physical security, connection facilities, procedures, and so on. We use boxes, bubble wrap, and duct tape to secure the software.
